Personal security system

ABSTRACT

A personal security system takes advantage of location determination capabilities of a mobile communication services to provide personal security features to one or more communities of users. One method includes a user initiating a security period from a mobile device and specifying an end condition for that security period. If the user does not terminate the security period, at the end of the security period a notification is sent with information characterizing the user and a location associated with the user.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Application No.60/784,276 filed Mar. 20, 2006, which is incorporated herein byreference.

BACKGROUND

This invention relates to a system for personal security.

Cellular telephone systems today typically provide some sort of locationtracking of users, for example, to determine the location of a user thatdials an emergency number (e.g., using E911). In some communities ofusers, such as students on a university campus, use of cellulartelephones has become ubiquitous, with users using text messaging andother applications to stay “connected.”

SUMMARY

In one aspect, in general, a personal security system takes advantage oflocation determination capabilities of a mobile communication servicesto provide personal security features to one or more communities ofusers.

In another aspect, in general, a method includes a user initiating asecurity period from a mobile device and specifying an end condition forthat security period. If the user does not terminate the securityperiod, at the end of the security period a notification is sent withinformation characterizing the user and a location associated with theuser.

In another aspect, in general, a method includes receiving communicationindicative of initiation of a security period associated with a user ofa mobile device. If the user does not terminate the security period, atthe end of the security period sending a notification with informationcharacterizing the user and a location associated with the user.

In another aspect, in general, a system includes a communication serverthat includes a communication link to a location based server forobtaining location information associated with mobile devices for usersin a community. The communication server is configured to receivecommunication indicative of initiation by a user of the mobile devicesof a security period, and if the user does not terminate the securityperiod, at the end of the security period send a notification withinformation characterizing the user and a location associated with theuser.

Aspects can include one or more of the following features.

Receiving the communication includes receiving a specification of an endcondition for the security period. The end condition may include an endtime for the security period. The method may include timing the securityperiod to determine the end of the security period.

The user is prompted at the end of the security period to terminate thesecurity period.

Sending the notification includes sending the notification to a securityservice associated with the user.

Information characterizing a location associated with the user isobtained from a mobile communication system servicing the mobile device.For example, the mobile device is a cellular telephone and the mobilecommunication system is a cellular telephone system.

The user was previously enrolled, for example, by receiving personalinformation associated with the user.

Sending the notification includes sending personal informationassociated with the user.

The security period can have a user-specified duration, and the endcondition for the period corresponds to expiration of a timer for theperiod.

The user initiates the security period using a mobile device, andoptionally terminates the security period using the mobile device. Themobile device can be a mobile telephone.

The location associated with the user can include a GPS-based location,for example, determined by a communication system to which the mobiledevice is coupled

In another aspect, in general, mobile devices are provided to users in aset of communities of users. Communication is monitored at a server fromthe users indicative of initiation and termination of security periodsassociated with the users. Based on the monitored communication,notifications are sent with information characterizing users andlocations associated with said users. The recipients of thenotifications are determined based on the corresponding communities towhich the users belong. The notifications may be indicative of possiblesecurity conditions associated with the users. Sending of thenotifications may be based on expiration of security periods prior toreceipt of corresponding communication indicative of termination of thesecurity periods.

Aspects can have advantages that include one or more of the following:

Faster and more effective intervention is possible. Campus safety can beimmediately notified on an incident, the location and criticalinformation such as the student's description and any medical issues.Students are also provided with a one button “panic call” optionprompting an immediate response.

The system can eliminate “consensual” arguments in acquaintance assaultbecause activation of the system is a clear sign that the student wasuncomfortable in a situation.

Crimes in progress may be interrupted when the system timer expirescampus safety immediately calls the student's phone, interrupting anyassault

Clery Act Timely Warnings are made possible so that universities areable to instantly broadcast warnings via TXT messages.

Areas of concern on campus may be highlighted. Historical reporting onareas where the system was initiated provides universities with a clearpicture of areas where students feel uncomfortable and at what times ofday, enabling proactive measures such as increased patrols or enhancedlighting.

Other features and advantages of the invention are apparent from thefollowing description, and from the claims.

DESCRIPTION OF DRAWINGS

FIG. 1 is a block diagram of a personal security system

FIG. 2 is a graphical display for security personnel.

DESCRIPTION

Referring to FIG. 1, a personal security system makes use of personalmobile handsets 128 coupled to a mobile communication system 120. Eachhandset 128 is associated with a corresponding user of the system. Insome examples, the handsets are cellular telephones that are coupled bya mobile telephone system, such as a GSM, CDMA or and iDen based system.

Very generally, the system makes use of a communication server 110, onefunction of which is to determine when a security situation may existfor one of the users, and to then alert an appropriate security service134. The security service then determines if there is truly a securitysituation, for example, by communicating with the user over the handsetor investigating in person.

In order to aid the security service, examples of the system make use ofvarious types of location based services. For example, the mobilecommunication system includes or has associated with it a location basedserver (LBS) 124, which is able to determine the location of aparticular handset 128. The communication server 110 can query the LBS124 (e.g., as a software based request over the Internet) to determinethe location of a particular handset. Different examples of the securitysystem make use of one or more types of location determinationapproaches. One type of location determination approach uses GlobalPositioning System (GPS) functionality that is built into the handset,optionally assisted by fixed elements of the mobile communication system120 in an Assisted GPS (AGPS) approach. Other location determinationapproaches use signal strength and/or direction information intriangulation approaches based on transmitted or received radio signalsfrom the mobile communication system. Yet other approaches are based oncell identification in a cellular telephone network.

Some examples of the system provide services to multiple differentcommunities 130 of users. Communities can be various associations ofusers, which may each be served by their own security service 134. Anexample of a community is a university, with the security service beingthe campus police service for that university. In such an example,different universities typically have separate campus police services.

Note that in some examples, the communities may not be geographicallyseparated. For example, urban universities may have student communitiesthat are very close to one another (e.g., students of New YorkUniversity and Columbia University), and the users is such communitiesmay operate in overlapping geographic regions. The system supportsconfigurations in which the users are serviced by the security servicefor their community, regardless of their actual geographic location.

In some examples, the personal security system supports a personalsecurity button on the handset. Various approaches to configuring thehandset to provide such a button are possible, including throughprovisioning by the operator of the mobile communication system and bydownloading software to a configurable device. For example, the “home”or “dashboard” screen of a mobile telephone can provide direct “onetouch” access to security services.

When a user activates the personal security button, the handset 128sends a message to the communication server 110. Various approaches tosending the message are used in different examples of the system. Someexamples use a Short Message Service (SMS) provided through the mobilecommunication system. When the communication server 110 receives themessage, it queries the LBS 124 to determine the location of the sendinghandset. In some examples the LBS already has access to locationinformation for the handset that is maintained by the communicationsystem, while in other examples, it in turn queries the communicationsystem which determines the handset's location. The LBS returns thehandset's location to the communication server 110, which then contactsthe appropriate security service 134 for the user's community.

Different examples of the system use various approaches to enrollment ofusers. In some approaches, a web-based approach is used in which a userprovides enrollment information to the communication server. Suchinformation includes an identification of the user's community 130, andoptionally personal information that might be useful to the securityservice in an emergency. In other examples, the users enroll through asystem operated by the community, and personal information is maintainedprivately within the community. The community provides the communicationserver with identifications of the handsets within its community.Example of personal information that may be useful to a security serviceis a photograph of the user and physical data (e.g., gender, height,weight, hair color, etc.)

Some mobile communication systems 120 require that a user authorizeparticular parties so that they can access their location information,for example, through the LBS 124. In such systems, as part of theenrollment process the users provide the necessary authorization, whichis communicated to the LBS and/or the mobile communication system.

In some examples, the personal security system supports a mode that canbe used when a user expects to be at some risk for an upcoming intervalof time. For example, a university student may need to cross a campuslate at night and feel at risk walking along isolated paths.

Some examples of such a mode use a timer-based approach. Generally, whenthe user is about to initiate an interval of time during which they mayfeel at risk, they initiate the timing of an interval by the securitysystem. If the user “checks in” before the expiry of the interval, oralternatively in response to a prompt by the system at the end of theinterval, the user is deemed to be safe. On the other hand, if the userdoes not check in or does not respond to a prompt, or optionally if thehandset is not accessible from the communication system 120 during theinterval, the security service for that user's community is notifiedalong with the last known location of the handset.

Referring to FIG. 1, a sequence of steps for a previously registereduser of the system are described in such an example:

Step 1: The user notifies the communication server 110 that they areabout to start an at-risk interval. In different examples, this step iscarried out in a variety of ways. For example, the handset may have abrowser (e.g., a Wireless Application Protocol, WAP, browser) thataccesses an application at the communication server that provides agraphical interface for display on the handset. The graphical interfacepermits the user to enter the duration of the interval (or alternativelythe end time of the interval). In some examples, the user has provided aPersonal Identification Number (PIN) to be used to check in—in otherexamples the user provides a check-in PIN at the start of the interval.In some examples, a software application has already been loaded on thehandset, and the application sends data messages to the communicationserver 110 to initiate the interval. In other examples, communicationtechniques such as SMS, or voice based (e.g., using speech recognition)or touch-tone (DTMF) based interfaces are user by the user to inform thecommunication server that the interval is about to start. In someexamples, the communication between the handset and the communicationserver is direct, while in other examples, the communication is mediatedby a system operated by the user's community. When the communicationserver determines that the user has started an interval, it begins acount-down timer that will expire at the end of the interval.

Step 2 a: Prior to the end of the interval, the user can communicatewith the communication server to check in and terminate the interval.With PIN-based approaches, the user enters their secret PIN, which wasrecorded as part of a registration procedure, or was provided at thestart of the interval. In some examples, the user has the option ofentering a special PIN that indicates that they are in danger. Forexample, suppose an attacker forces a user to terminate the interval,the user can enter a special PIN, such a pre-arranged PIN or the normalPIN with a special suffix (e.g., adding a 1 at the end of the PIN). Thiscan signal the communication server that the user is in danger withoutalerting the attacker.

Step 2 b: If at the end of the interval the user has not yet check in,the communication server can act on the possibility that the user is indanger. In some examples, the server first communicates automaticallywith the user. For example, the server may interact with an applicationexecuting on the handset, send a SMS-based message that needs to beresponded to, or may a telephone call requiring voice or text entry ofthe PIN.

Step 3: If the user has not checked in prior to the expiry of theplanned interval, or has not responded to the prompt from the system atthe end of the interval in examples that are configured to provide sucha prompt, the communication server 110 requests location information forthe user's handset.

Step 4: The LBS 124 determines the last known location of the user,optionally with the time the location determination was made. The LBSthen send this location information to the communication server 110. Thelocation information may take various forms, such as latitude andlongitude.

Step 5: The communication server 110 notifies the security service 134for the user. In examples in which the communication server 110 servesmany communities, the server has been configured with at leastinformation identifying the particular security service to notify (oralternatively, multiple security services may be notified and only theone responsible for that handset acts on the notification). In examplesin which the communication server has additional personal informationrelated to the user (e.g., name, photo, etc.) it sends this informationalong with the notification. In examples in which the security servicehas access to personal information for that user, it accesses thatinformation in response to the notification.

In some examples, security personnel, for example at a command stationor at a mobile device for personnel on patrol, are provided with adisplay associated with the user and the current risk. For example,referring to FIG. 2, a graphical display with a map showing the user'slocation (or last known location), a photograph of the user, as well astext-based personal information are displayed to the security personnel.

Step 6: The security personnel attempt to interact with the user, forexample, by calling their handset to establish person-to-personcommunication, and/or by dispatching personnel to the user's location toprovide assistance. When appropriate, the security service may notifyother security organizations, such as a local police department, to helphandle the incident.

In some examples, when a user initiates an at-risk interval, thecommunication server may initially inform the security service andprovide location information obtained from the LBS on an ongoing basis.The security service can maintain a display, for example showing theirlocations on a map, of users as they travel. In some examples, users mayhave the option of permitting or denying such tracking, for example, forprivacy reasons. A concentration of users in a particular area may beaddressed by dispatching preventive patrols into the area. Also,historical information may be logged, for example, to identify areas andtime in which users feel at risk or in which incidents actually occur.Such historical information may used, for example, to improve users'sense of security in those areas, for example though physicalimprovements (e.g., lighting) or increased patrols.

In some examples, the security period may be defined using other and/oradditional criteria than time duration or end time. For example, a usermay identify a route (e.g., using a destination building number) and thesecurity period is defined as the time until the user reaches thedestination. In such an example, the end of the security period may bedefined by the server as a reasonable time needed to reach thedestination. In some examples, the communication server may determinethat there may be a possible security condition if the user deviatessignificantly from a path to the declared destination.

In some examples, security periods may be initiated or defined byentities other than the user. For example, a parent may require that achild check in at a particular time (e.g., at midnight) or at a set ofprespecified times (e.g., every two hours). In addition or instead ofnotifying a security service, the parent may be notified if the childfails to check in. That is, the parent may serve the role of thesecurity service. Similarly, an elderly parent may need to check inperiodically or else their adult child or other caregiver is notifiedwith information about their location. In some examples, a child mayinitiate the security period with the parent being notified if they failto terminate the period or check in when prompted.

In some examples, a security period may be initiated by a passiveactivity of the user. For example, a system may detect that a user hasentered a predefined geographic area (e.g., going off campus, leaving anursing home) and may have to check in within a certain period of time(e.g., within one hour).

In some examples, the user's community security service is notifiedregardless of the user's geographic location. For example, a user from auniversity in California may be visiting New York City yet theirsecurity-related notifications are sent back to California. Thisapproach can permit their university security service to provideadditional information to local New York police. In other examples, thesecurity service that is notified may depend on the user's geographiclocation. For example, universities may cooperate and a student visitinganother university's campus may result in a notification to the securityservice of the visited university in addition or instead of the user'shome university.

In some examples, one communication server 110 may interact withmultiple mobile communication systems. For example, users in a singlecommunity 130 or in different communities 130 may be served by differentmobile telephone carriers.

In some version of the system, additional community services 136 maytake advantage of the capabilities of the communication server. Forexample in a university situation, a community service may include anacademic group that provides class-related notifications (e.g., classcancellation, in-class surveys, etc.). Another community service mayinclude access to transportation information, such a campus bus routes,schedules, and expected arrival time information. Other examples includebroadcasting of campus-wide alerts, which may be security related.

In the description above, in some examples of the system a universitystudent community is provided as an example of users served by thesystem. Other examples of communities may be served by examples of thesystem. For example, personnel on a military base, a special interestgroup, a church group, residents of a housing development, inhabitantsof cities, towns, hotel guests, etc. can each form a community served byan example of a personal security system.

In some examples, capabilities described are implemented in software,which may be stored on computer readable media or embodied on signalspropagating through communication media (e.g., over wired or wirelessnetworks). The software may include instructions, such as machineinstructions, programming language or interpreter statements,instructions for virtual machines (e.g., Java), or other forms ofinstructions. The software may be distributed, for example, with somecomponents execution on the handsets and other components executing atfixed servers.

It is to be understood that the foregoing description is intended toillustrate and not to limit the scope of the invention, which is definedby the scope of the appended claims. Other embodiments are within thescope of the following claims.

1. A method comprising: receiving communication indicative of initiationof a security period associated with a user of a mobile device; and ifthe user does not terminate the security period, at the end of thesecurity period sending a notification with information characterizingthe user and a location associated with the user.
 2. The method of claim1 wherein receiving the communication includes receiving a specificationof an end condition for the security period.
 3. The method of claim 2wherein the end condition includes an end time for the security period.4. The method of claim 2 further comprising timing the security periodto determine the end of the security period.
 5. The method of claim 1further comprising prompting the user to terminate the security periodat the end of the security period.
 6. The method of claim 1 whereinsending the notification includes sending the notification to a securityservice associated with the user.
 7. The method of claim 1 furthercomprising obtaining information characterizing a location associatedwith the user from a mobile communication system servicing the mobiledevice.
 8. The method of claim 7 wherein the mobile device comprises acellular telephone and the mobile communication system comprises acellular telephone system.
 9. The method of claim 1 further comprising:enrolling the user, including receiving personal information associatedwith the user.
 10. The method of claim 9 wherein sending thenotification includes sending the personal information associated withthe user.
 11. A method comprising: providing mobile devices to users ina plurality of communities of users; monitoring communication at aserver from the users indicative of initiation and termination ofsecurity periods associated with the users; and based on the monitoredcommunication, sending notifications with information characterizingusers and locations associated with said users, recipients of thenotifications being determined based on the corresponding communities towhich the users belong.
 12. The method of claim 11 wherein thenotifications are indicative of possible security conditions associatedwith the users.
 13. The method of claim 11 wherein the sending of thenotifications is based on expiration of security periods prior toreceipt of corresponding communication indicative of termination of thesecurity periods.
 14. A system comprising: a communication serverincluding a communication link to a location based server for obtaininglocation information associated with mobile devices for users in acommunity; wherein the communication server is configured to receivecommunication indicative of initiation of a security period associatedwith a user of the mobile devices, and if the user does not terminatethe security period, at the end of the security period send anotification with information characterizing the user and a locationassociated with the user.
 15. The system of claim 14 further comprisingthe plurality of mobile devices configured for communication withcommunication server.
 16. The system of claim 14 further wherein thecommunication server is further configured to receive a communicationinitiated by the user during the security period and in response to senda notification with information characterizing the user and a locationassociated with the user.
 17. Software comprising instructions embodiedon a machine-readable medium for causing a processing system to: receivecommunication indicative of initiation of a security period associatedwith a user of a mobile device; and if the user does not terminate thesecurity period, at the end of the security period send a notificationwith information characterizing the user and a location associated withthe user.